1. 28 Nov, 2010 1 commit
  2. 12 Nov, 2010 1 commit
  3. 03 Sep, 2010 1 commit
  4. 31 May, 2010 1 commit
  5. 16 May, 2010 1 commit
  6. 23 Feb, 2010 1 commit
    • Brian Haley's avatar
      IPv6: better document max_addresses parameter · e79dc484
      Brian Haley authored
      Andrew Morton wrote:
      >> >From ip-sysctl.txt file in kernel documentation I can see following description
      >> for max_addresses:
      >> max_addresses - INTEGER
      >>         Number of maximum addresses per interface.  0 disables limitation.
      >>         It is recommended not set too large value (or 0) because it would
      >>         be too easy way to crash kernel to allow to create too much of
      >>         autoconfigured addresses.
                 ^^^^^^^^^^^^^^
      
      >> If this parameter applies only for auto-configured IP addressed, please state
      >> it more clearly in docs or rename the parameter to show that it refers to
      >> auto-configuration.
      
      It did mention autoconfigured in the text, but the below makes it more obvious.
      
      More clearly document IPv6 max_addresses parameter.
      Signed-off-by: default avatarBrian Haley <brian.haley@hp.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e79dc484
  7. 18 Feb, 2010 2 commits
    • Andreas Petlund's avatar
      net: TCP thin dupack · 7e380175
      Andreas Petlund authored
      This patch enables fast retransmissions after one dupACK for
      TCP if the stream is identified as thin. This will reduce
      latencies for thin streams that are not able to trigger fast
      retransmissions due to high packet interarrival time. This
      mechanism is only active if enabled by iocontrol or syscontrol
      and the stream is identified as thin.
      Signed-off-by: default avatarAndreas Petlund <apetlund@simula.no>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7e380175
    • Andreas Petlund's avatar
      net: TCP thin linear timeouts · 36e31b0a
      Andreas Petlund authored
      This patch will make TCP use only linear timeouts if the
      stream is thin. This will help to avoid the very high latencies
      that thin stream suffer because of exponential backoff. This
      mechanism is only active if enabled by iocontrol or syscontrol
      and the stream is identified as thin. A maximum of 6 linear
      timeouts is tried before exponential backoff is resumed.
      Signed-off-by: default avatarAndreas Petlund <apetlund@simula.no>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      36e31b0a
  8. 19 Jan, 2010 1 commit
  9. 07 Jan, 2010 1 commit
    • Jesper Dangaard Brouer's avatar
      net: RFC3069, private VLAN proxy arp support · 65324144
      Jesper Dangaard Brouer authored
      This is to be used together with switch technologies, like RFC3069,
      that where the individual ports are not allowed to communicate with
      each other, but they are allowed to talk to the upstream router.  As
      described in RFC 3069, it is possible to allow these hosts to
      communicate through the upstream router by proxy_arp'ing.
      
      This patch basically allow proxy arp replies back to the same
      interface (from which the ARP request/solicitation was received).
      
      Tunable per device via proc "proxy_arp_pvlan":
        /proc/sys/net/ipv4/conf/*/proxy_arp_pvlan
      
      This switch technology is known by different vendor names:
       - In RFC 3069 it is called VLAN Aggregation.
       - Cisco and Allied Telesyn call it Private VLAN.
       - Hewlett-Packard call it Source-Port filtering or port-isolation.
       - Ericsson call it MAC-Forced Forwarding (RFC Draft).
      Signed-off-by: default avatarJesper Dangaard Brouer <hawk@comx.dk>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      65324144
  10. 03 Dec, 2009 1 commit
  11. 02 Dec, 2009 2 commits
  12. 07 Oct, 2009 1 commit
    • Octavian Purdila's avatar
      make TLLAO option for NA packets configurable · f7734fdf
      Octavian Purdila authored
      On Friday 02 October 2009 20:53:51 you wrote:
      
      > This is good although I would have shortened the name.
      
      Ah, I knew I forgot something :) Here is v4.
      
      tavi
      
      >From 24d96d825b9fa832b22878cc6c990d5711968734 Mon Sep 17 00:00:00 2001
      From: Octavian Purdila <opurdila@ixiacom.com>
      Date: Fri, 2 Oct 2009 00:51:15 +0300
      Subject: [PATCH] ipv6: new sysctl for sending TLLAO with unicast NAs
      
      Neighbor advertisements responding to unicast neighbor solicitations
      did not include the target link-layer address option. This patch adds
      a new sysctl option (disabled by default) which controls whether this
      option should be sent even with unicast NAs.
      
      The need for this arose because certain routers expect the TLLAO in
      some situations even as a response to unicast NS packets.
      
      Moreover, RFC 2461 recommends sending this to avoid a race condition
      (section 4.4, Target link-layer address)
      Signed-off-by: default avatarCosmin Ratiu <cratiu@ixiacom.com>
      Signed-off-by: default avatarOctavian Purdila <opurdila@ixiacom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f7734fdf
  13. 04 Sep, 2009 1 commit
    • Bhaskar Dutta's avatar
      sctp: Sysctl configuration for IPv4 Address Scoping · 72388433
      Bhaskar Dutta authored
      This patch introduces a new sysctl option to make IPv4 Address Scoping
      configurable <draft-stewart-tsvwg-sctp-ipv4-00.txt>.
      
      In networking environments where DNAT rules in iptables prerouting
      chains convert destination IP's to link-local/private IP addresses,
      SCTP connections fail to establish as the INIT chunk is dropped by the
      kernel due to address scope match failure.
      For example to support overlapping IP addresses (same IP address with
      different vlan id) a Layer-5 application listens on link local IP's,
      and there is a DNAT rule that maps the destination IP to a link local
      IP. Such applications never get the SCTP INIT if the address-scoping
      draft is strictly followed.
      
      This sysctl configuration allows SCTP to function in such
      unconventional networking environments.
      
      Sysctl options:
      0 - Disable IPv4 address scoping draft altogether
      1 - Enable IPv4 address scoping (default, current behavior)
      2 - Enable address scoping but allow IPv4 private addresses in init/init-ack
      3 - Enable address scoping but allow IPv4 link local address in init/init-ack
      Signed-off-by: default avatarBhaskar Dutta <bhaskar.dutta@globallogic.com>
      Signed-off-by: default avatarVlad Yasevich <vladislav.yasevich@hp.com>
      72388433
  14. 01 Sep, 2009 1 commit
  15. 01 Jun, 2009 1 commit
  16. 17 May, 2009 1 commit
  17. 04 May, 2009 1 commit
    • Ilpo Järvinen's avatar
      tcp: extend ECN sysctl to allow server-side only ECN · 255cac91
      Ilpo Järvinen authored
      This should be very safe compared with full enabled, so I see
      no reason why it shouldn't be done right away. As ECN can only
      be negotiated if the SYN sending party is also supporting it,
      somebody in the loop probably knows what he/she is doing. If
      SYN does not ask for ECN, the server side SYN-ACK is identical
      to what it is without ECN. Thus it's quite safe.
      
      The chosen value is safe w.r.t to existing configs which
      choose to currently set manually either 0 or 1 but
      silently upgrades those who have not explicitly requested
      ECN off.
      
      Whether to just enable both sides comes up time to time but
      unless that gets done now we can at least make the servers
      aware of ECN already. As there are some known problems to occur
      if ECN is enabled, it's currently questionable whether there's
      any real gain from enabling clients as servers mostly won't
      support it anyway (so we'd hit just the negative sides). After
      enabling the servers and getting that deployed, the client end
      enable really has some potential gain too.
      Signed-off-by: default avatarIlpo Järvinen <ilpo.jarvinen@helsinki.fi>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      255cac91
  18. 18 Mar, 2009 1 commit
    • Brian Haley's avatar
      ipv6: Fix incorrect disable_ipv6 behavior · 9bdd8d40
      Brian Haley authored
      Fix the behavior of allowing both sysctl and addrconf_dad_failure()
      to set the disable_ipv6 parameter without any bad side-effects.
      If DAD fails and accept_dad > 1, we will still set disable_ipv6=1,
      but then instead of allowing an RA to add an address then
      immediately fail DAD, we simply don't allow the address to be
      added in the first place.  This also lets the user set this flag
      and disable all IPv6 addresses on the interface, or on the entire
      system.
      Signed-off-by: default avatarBrian Haley <brian.haley@hp.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9bdd8d40
  19. 24 Feb, 2009 2 commits
  20. 22 Feb, 2009 1 commit
  21. 01 Feb, 2009 1 commit
  22. 27 Oct, 2008 1 commit
    • Neil Horman's avatar
      net: implement emergency route cache rebulds when gc_elasticity is exceeded · 1080d709
      Neil Horman authored
      This is a patch to provide on demand route cache rebuilding.  Currently, our
      route cache is rebulid periodically regardless of need.  This introduced
      unneeded periodic latency.  This patch offers a better approach.  Using code
      provided by Eric Dumazet, we compute the standard deviation of the average hash
      bucket chain length while running rt_check_expire.  Should any given chain
      length grow to larger that average plus 4 standard deviations, we trigger an
      emergency hash table rebuild for that net namespace.  This allows for the common
      case in which chains are well behaved and do not grow unevenly to not incur any
      latency at all, while those systems (which may be being maliciously attacked),
      only rebuild when the attack is detected.  This patch take 2 other factors into
      account:
      1) chains with multiple entries that differ by attributes that do not affect the
      hash value are only counted once, so as not to unduly bias system to rebuilding
      if features like QOS are heavily used
      2) if rebuilding crosses a certain threshold (which is adjustable via the added
      sysctl in this patch), route caching is disabled entirely for that net
      namespace, since constant rebuilding is less efficient that no caching at all
      
      Tested successfully by me.
      Signed-off-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      Signed-off-by: default avatarEric Dumazet <dada1@cosmosbay.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1080d709
  23. 10 Jul, 2008 2 commits
  24. 08 Jul, 2008 1 commit
  25. 03 Jul, 2008 2 commits
  26. 01 Jul, 2008 2 commits
  27. 28 Jan, 2008 1 commit
  28. 26 Oct, 2007 1 commit
  29. 19 Oct, 2007 1 commit
  30. 10 Oct, 2007 1 commit
  31. 11 Jul, 2007 1 commit
  32. 10 Jul, 2007 1 commit
  33. 25 Apr, 2007 2 commits